[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] UK Cabinet Office Task Force on Encryption and Law Enforce


-------------------------------- CUT --------------------------------

26 May 1999. Thanks to CB/FIPR. 

(Notes for Editors, background information on www.fipr.org)


The Cabinet Office Task Force on Encryption and Law Enforcement has
published its report at: 


Caspar Bowden, director of the Foundation for Information Policy
Research (www.fipr.org) agreed with the report's conclusion that "key
escrow as a condition of licensing would not deliver to law
enforcement agencies even a reasonable amount of assured access to
decrypted communications."

Bowden said "it is a very thorough analysis, which clearly
demonstrates why public-key cryptography requires a new approach to
interception and law enforcement. The joint Government and Industry
forum should be balanced by independent civil liberties
representatives, to consider how new Internet policing methods may
require new forms of oversight and safeguards. For example, putting
the onus on a person to prove that they DO NOT possess a decryption
key could lead to miscarriages of justice."

Official Summary of PIU report
"Developments in encryption technology, products and services carry
significant benefits in increasing consumers' levels of trust in the
Internet, and particularly in e-commerce. However, they also give rise
to a number of challenges for law enforcement, where it will become
more difficult to derive intelligence from lawfully intercepted
communications and retrieved data. This report considers the
Government's response to the issues of encryption, e-commerce and law
enforcement. The report is framed by two key objectives for the

*) to make the UK the best environment in the world in which to trade
electronically; and

*) to ensure that the UK remains a safe country in which to live
and work.

The task force concluded that no single technique or system was likely
to be enough to sustain law enforcement capabilities in the face of
rising use of encryption by criminals. This being the case, a package
of measures was needed to mitigate the consequences as set out below.


The voluntary licensing of providers of encryption services, proposed
in the recent DTI consultation document on the forthcoming Electronic
Commerce Bill, will help improve consumers' confidence and therefore
support the development of e-commerce in the UK. However, these
licensed providers should not be required to retain 'decryption keys'
or to deposit them with third parties (i.e. no mandatory 'key
escrow'). Whilst the introduction of a mandatory link between licensed
providers of services and key escrow would provide the best technical
solution to many of the problems caused by encryption, in practice it
would not support achievement of both of the Government's objectives.

The Government should adopt a new approach based on co-operation
with industry to balance the aim of giving the UK the world's best
environment for e-commerce with the needs of law enforcement. There is
no 'silver bullet' policy that guarantees that the development of
encryption will not affect law enforcement capabilities.

*) A new Government/industry joint forum should be established to
discuss the development of encryption technologies and to ensure that
the needs of law enforcement agencies are taken into account by the
market. This new co-operation should also be promoted at the
international level. The forum should consist of a high-level group to
discuss policy issues and be supported by specialist technical and
legal groups.

*) A new Technical Assistance Centre should be established, operating
on a 24-hour basis, to help law enforcement agencies derive
intelligence from lawfully intercepted encrypted communications and
lawfully retrieved stored data. The Technical Assistance Centre will
also be responsible for gaining access to decryption keys, where they
exist, under proper authorisation.

*) The task force welcomes the intention to include in the forthcoming
Electronic Commerce Bill provisions to allow lawful access to
decryption keys and/or plain text under proper authority. The task
force also recommended that further attention should be given in the
Bill to placing the onus on the recipient of a disclosure notice to
prove to the authorities that the requested keys or plain text are not
in his possession, and to state to the best of his knowledge and
belief where they are.

*) The UK should encourage the development of an international
framework, including a new forum, to deal with the impact of
encryption on law enforcement."

Caspar Bowden                    http://www.fipr.org
Director, Foundation for Information Policy Research
Tel: +44(0)171 354 2333      Fax: +44(0)171 827 6534

-------------------------------- CUT --------------------------------